1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

2421 Commits

Author SHA1 Message Date
NIIBE Yutaka
dfdcf14738 common,agent,dirmngr,g10,tools: Fix split_fields API.
* common/stringhelp.h (split_fields): Use const * for the strings in
the ARRAY.
(split_fields_colon): Likewise.
* common/stringhelp.c (split_fields, split_fields_colon): Fix
the implementation.
* agent/call-scd.c, agent/command.c: Follow the change.
* common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
* g10/call-agent.c, tools/card-call-scd.c: Likewise.
* tools/card-yubikey.c, tools/gpg-card.c: Likewise.
* tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
* tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
* tools/wks-util.c: Likewise.

--

The strings in the ARRAY don't need to be released by caller, as those
are references.  It's easier to follow the code when it's explicitly
const *.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-18 10:20:23 +09:00
NIIBE Yutaka
8dfd0ebfd8 gpg,scd: Fix handling of KDF feature.
* g10/card-util.c (kdf_setup): Fix the default value.
* scd/app-openpgp.c (do_setattr): Support kdf-setup "off" by
Zeitcontrol.  Make sure Gnuk and Yubikey work well.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-16 12:49:20 +09:00
Werner Koch
6fcc263c18
keyboxd: Use D-lines instead of a separate thread.
* kbx/kbx-client-util.c (kbx_client_data_new): Add arg 'dlines'.
* g10/call-keyboxd.c (open_context): Set DLINES to true.
* sm/keydb.c (open_context): Ditto.
--

This allows to compile time switch between the D-line and the
fd-passing data communication between gpg/gpgsm and keyboxd. A quick
test with about 3000 OpenPGP keys showed that D-lines are only 10%
slower than the fd-passing based implementation.  Given that the
thread adds extra complexity we go for now with the D-line approach.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 12:14:02 +02:00
Werner Koch
29977e21d1
keyboxd: Add options --openpgp and --x509 to SEARCH.
* kbx/keyboxd.h (struct server_control_s): Replace the two request
objects by just one.  Add filter flags.
* kbx/kbxserver.c (cmd_search): Add options --openpgp and --x509.
(cmd_killkeyboxd): Do not return GPG_ERR_EOF.
* kbx/frontend.c (kbxd_release_session_info): Adjust for the new
request object.
(kbxd_search, kbxd_store, kbxd_delete): Ditto.
* kbx/backend-sqlite.c (struct be_sqlite_local_s): Add filter flags.
(run_sql_prepare): Add optional arg 'extra'.  Change callers.
(run_sql_bind_ntext): New.
(run_sql_bind_text): Just call run_sql_bind_ntext.
(run_select_statement): Add ctrl arg.  Implement the filter flags.

* g10/call-keyboxd.c (keydb_search): Use the --openpgp option.
--

As soon as we implement X.509 we need to have a way to return only
openpgp or x.509 certificates.  Gpg/gpgsm will then use the respective
flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 12:08:48 +02:00
Werner Koch
adec6a84f6
kbx: Change X.509 S/N search definition.
* kbx/keybox-search-desc.h (struct keydb_search_desc): Do not overload
SNLLEN with a hex flag.  Add SNHEX.
* kbx/keybox-search.c (keybox_search): Adjust.
* common/userids.c (classify_user_id): Adjust.
* sm/keydb.c (keydb_search_desc_dump): Adjust.
* g10/keydb.c (keydb_search_desc_dump): Adjust.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-09 20:34:59 +02:00
NIIBE Yutaka
2bc1ec2944 gpg,tools: Add handling of supported algorithms by a card.
* g10/call-agent.h (struct agent_card_info_s): Add supported_keyalgo.
* g10/call-agent.c (learn_status_cb): Parse KEY-ATTR-INFO.
(agent_release_card_info): Release supported_keyalgo.
* tools/gpg-card.h (struct card_info_s): Add supported_keyalgo.
* tools/card-call-scd.c (learn_status_cb): Parse KEY-ATTR-INFO.
(release_card_info): Release supported_keyalgo.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-08 15:34:42 +09:00
Werner Koch
65eb156980
gpg: Initialize a parameter to silence valgrind.
* g10/keygen.c (read_parameter_file): Initialize nline.
* g10/textfilter.c (copy_clearsig_text): Initialize bufsize.
--

In iobuf_read_line the parameter to pass and return the current buffer
length is controlled by the buffer parameter.  Thus there should be no
problem because the assert call check s buffer first.  For yet unknown
reasons when using the standard GNU libc assert valgrind complains
about an uninitialized variable.  That does not happen with our
log_assert.

Tested with gnupg 2.2.23 with gcc 8.3.0 and valgrind 3.14.0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-04 11:32:47 +02:00
Werner Koch
8ec9573e57
gpg: Fix segv importing certain keys.
* g10/key-check.c (key_check_all_keysigs): Initialize issuer.
--

Fixes-commit: 404fa8211b6188a0abe83ef43a4b44d528c0b035
from 2017

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-02 15:30:44 +02:00
Werner Koch
497db0b5bc
keyboxd: Restructure client access code.
* kbx/kbx-client-util.c: New.
* kbx/kbx-client-util.h: New.
* kbx/Makefile.am (client_sources): New.
* g10/keydb.c (parse_keyblock_image): Rename to keydb_parse_keyblock
and make global.
* g10/call-keyboxd.c: Include kbx-client-util.h.
(struct keyboxd_local_s): Remove struct datastream.  Add field kcd.
Remove per_session_init_done.
(lock_datastream, unlock_datastream): Remove.
(prepare_data_pipe, datastream_thread): Remove.
(keydb_get_keyblock_do_parse): Remove.
(gpg_keyboxd_deinit_session_data): Release the KCD object.
(open_context): Use of kbx_client_data_new.
(keydb_get_keyblock): Simplify.
(keydb_search): Use kbx_client_data_cmd and _wait.
--

The data specific part of the code has been moved from gpg to a new
module in kbx/ so that it can also be used by gpgsm.  The OpenPGP
parsing while reading the data has been replaced by storing the data
in memory and parse it later.  That makes a nice interface and
abstracts the fd-passing/D-lines handling away.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-02 15:16:29 +02:00
Werner Koch
2cd8bae23d
Use only one copy of the warn_server_mismatch function.
* common/asshelp.c (warn_server_version_mismatch): New.  Actually a
slightly modified version of warn_version_mismatch found in other
modules.
* common/status.c (gnupg_status_strings): New.
* g10/cpr.c (write_status_strings2): New.
* g10/call-agent.c (warn_version_mismatch): Use the new unified
warn_server_version_mismatch function.
* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
* g10/call-keyboxd.c (warn_version_mismatch): Ditto.
* sm/call-agent.c (warn_version_mismatch): Ditto.
* sm/call-dirmngr.c (warn_version_mismatch): Ditto.
* tools/card-call-scd.c (warn_version_mismatch): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-01 20:43:57 +02:00
Werner Koch
fc1a185755
gpg: Remove left over debug output from recent change.
* g10/import.c (collapse_subkeys): Remove debug out.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 15:20:28 +02:00
Werner Koch
633c1fea5f
gpg: Collapse duplicate subkeys.
* g10/options.h (IMPORT_COLLAPSE_UIDS): New.
(IMPORT_COLLAPSE_SUBKEYS): New.
* g10/gpg.c (main): Make them the default.
* g10/import.c (parse_import_options): New import options
"no-collapse-uids" and "no-collapse_subkeys".
(collapse_subkeys): New.
(import_one_real): Collapse subkeys and allow disabling the collapsing
using the new options.
(read_key_from_file_or_buffer): Always collapse subkeys.
* g10/keyedit.c (fix_keyblock): Call collapse_subkeys.
--

GnuPG-bug-id: 4421
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 10:33:57 +02:00
Werner Koch
96e15051ba
Add a new dist signing key
--

This is

  pub   ed25519 2020-08-24 [SC] [expires: 2030-06-30]
        6DAA 6E64 A76D 2840 571B  4902 5288 97B8 2640 3ADA
  uid                      Werner Koch (dist signing 2020)
2020-08-24 19:47:26 +02:00
Werner Koch
32aac55875
build: New configure option --disable-tests
* configure.ac: Add option --disable-tests.  Print warnings in the
summary.
(DISABLE_TESTS): New am_conditional.
--
GnuPG-bug-id: 4960
2020-08-20 10:54:17 +02:00
Werner Koch
4031c42bfd
gpg,gpgsm: Record the creation time of a private key.
* sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option.
(gpgsm_agent_import_key): Ditto.
* g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on.
(agent_import_key): Ditto.
* g10/import.c (transfer_secret_keys): Pass the creation date to the
agent.
* g10/keygen.c (common_gen): Ditto.
--

Having the creation time in the private key file makes it a lot easier
to re-create an OpenPGP public keyblock in case it was accidentally
lost.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-19 13:43:16 +02:00
NIIBE Yutaka
1d66b518ca gpg: Fix condition of string_to_aead_algo.
* g10/misc.c (string_to_aead_algo): Only compare if not NULL.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-19 15:18:42 +09:00
Werner Koch
6bcb609e1b
Add --chuid to gpg, gpg-card, and gpg-connect-agent.
* g10/gpg.c (oChUid): New.
(opts): Add --chuid.
(main): Implement --chuid.  Delay setting of homedir until the new
chuid is done.
* sm/gpgsm.c (main): Delay setting of homedir until the new chuid is
done.
* tools/gpg-card.c (oChUid): New.
(opts): Add --chuid.
(changeuser): New helper var.
(main): Implement --chuid.
* tools/gpg-connect-agent.c (oChUid): New.
(opts): Add --chuid.
(main): Implement --chuid.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-14 12:19:11 +02:00
Werner Koch
53d84f9815
gpg: Ignore personal_digest_prefs for ECDSA keys.
* g10/sign.c (hash_for): Simplify hash algo selection for ECDSA.
--

GnuPG-bug-id: 5021
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-13 11:19:22 +02:00
NIIBE Yutaka
373c975859 gpg: Fix trustdb for v5key.
* g10/keydb.h (fpr20_from_pk): New.
* g10/keyid.c (fpr20_from_pk): New.
* g10/tdbio.c (tdbio_search_trust_byfpr): Use fpr20_from_pk.
* g10/trustdb.c (keyid_from_fpr20): New.
(verify_own_keys): Use keyid_from_fpr20.
(tdb_update_ownertrust): Use fpr20_from_pk.
(update_min_ownertrust): Likewise.
(update_validity): Likewise.

--

For the compatibility of existing implementation, we keep the format
of trustdb untouched.  The format of trustdb uses 20-byte fingerprint
for the trust record entry.  To handle both of v4key (with 20-byte
fingerprint) and v5 key (with 32-byte fingerprint), we introduce FPR20
fingerprint, internally.  For v4key, FPR20 is as same as v4
fingerprint.  For v5key, FPR20 is constructed from v5key fingerprint.

GnuPG-bug-id: 5000
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-07 13:02:47 +09:00
NIIBE Yutaka
20982bbd75 gpg: Fix short key ID for v5key.
* g10/keyid.c (keyid_from_pk): Return keyid[0] for v5key.
* g10/keyring.c (keyring_search): Handle short key ID for v5key.

--

GnuPG-bug-id: 5000
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-07 13:02:40 +09:00
Werner Koch
0774482257
build: Remove expired key of David Shaw from distsigkey.gpg.
--
2020-08-06 11:26:57 +02:00
Werner Koch
d847f0651a
gpg: Add level 16 to --gen-random
* g10/gpg.c (main): Add that hack.
--

This is an yet undocumented hack to allow printing hex encoded random
number with gpg.  The level is forced to be 1 which is is good for
almost all uses.  Note that --armor is ignored.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-05 16:53:34 +02:00
Werner Koch
5c514a274c
gpg: Do not close stdout after --export-ssh-key
* g10/export.c (export_ssh_key): Do not close stdout.
--

stdout should never be closed; this fixes this minor bug.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-16 11:31:13 +02:00
Werner Koch
3e730c55e7
gpg: Reword warning about decryption w/o using a non-encrypt key.
--
2020-07-14 11:01:45 +02:00
NIIBE Yutaka
31ae0718ba gpg: For decryption, support use of a key with no 'encrypt' usage.
* g10/pubkey-enc.c (get_session_key): Don't skip at no PUBKEY_USAGE_ENC.
Emit information the key has no 'encrypt' usage.

--

GnuPG-bug-id: 4246
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-10 10:00:00 +09:00
Werner Koch
212f9b20b5
gpg: Print a note if no args are given to --delete-key
--

It is a bit surprising that nothing happens if no key is specified to
--delete-key et al.  Although this is common Unix behaviour the use
might have expected that it behaves like --export and deletes all
keys.  Sure we don't do the latter, so a short notice will help.

GnuPG-bug-id: 4959
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-09 11:24:54 +02:00
Werner Koch
999d25d47d
Do not use the pinentry's qualitybar
* agent/genkey.c (agent_ask_new_passphrase): No qualitybar.
* g10/call-agent.c (agent_get_passphrase): Ditto.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--

The concept of a passphrase quality indicator is anyway questionable
because user are smart enough to trick them out and they also tend to
limit the actually used entropy.

Except for the red/green switching (to show whether constraints are
fulfilled) our qualitybar is pretty bad and thus worse than none.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-08 14:54:10 +02:00
Werner Koch
a6a4bbf6de
gpg: Use integrated passphrase repeat entry also for -c.
* g10/call-agent.c (agent_get_passphrase): Add arg newsymkey.
* g10/passphrase.c (passphrase_get): Add arg newsymkey.
(passphrase_to_dek): Pass it on.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-08 14:33:25 +02:00
Werner Koch
6864bba78e
gpg: Fix flaw in symmetric algorithm selection in mixed mode.
* g10/encrypt.c (setup_symkey): Use default_cipher_algo function
instead of the fallback s2k_cipher_algo.  Fix error code.
(encrypt_simple): Use setup_symkey.
--

Aside of removing code duplication this patch fixes the flaw that the
S2K cipher algorithm was used when mixing public key and symmetric
encryption or signatures with symmetric encrypion.  The
default_algorithm function should be used here so that the command
line option --cipher-algo and --personal-cipher-preferences have an
effect.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-07 12:58:29 +02:00
Werner Koch
969abcf40c
sm: Exclude rsaPSS from de-vs compliance mode.
* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
* common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
test rsaPSS.  Adjust all callers.
(gnupg_pk_is_allowed): Ditto.
* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
(gpgsm_get_hash_algo_from_sigval): New.
* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
arg.  Add arg pkalgoflags.  Use the PK_ALGO_FLAG_RSAPSS.
* sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
also get the algo flags.  Pass algo flags along.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-03 16:15:29 +02:00
NIIBE Yutaka
45398518fb ecc: Support Ed448/X448 key generation.
* g10/keygen.c (ask_curve): Support Ed448/X448 keys.
(generate_keypair): Support switch to X448 key.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-30 14:20:31 +09:00
NIIBE Yutaka
a763bb2580 gpg,agent: Support Ed448 signing.
* agent/pksign.c (do_encode_eddsa): First argument is NBITs,
so that it can support Ed448, as well as Ed25519.
(agent_pksign_do): Follow the change.
* agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed
for Ed448, it's only for classic curves.
* common/openpgp-oid.c (oidtable): Add Ed448.
* common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA.
* g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA.
* g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448".
(ask_algo, parse_key_parameter_part): Handle "ed448".
* g10/pkglue.c (pk_verify): Support Ed448.
(pk_check_secret_key): Support Ed448.
* g10/sign.c (hash_for): Defaults to SHA512 for Ed448.
(make_keysig_packet): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-24 10:05:03 +09:00
NIIBE Yutaka
c94eea15d6 ecc: Use "cv448" to specify key using X448.
* common/openpgp-oid.c (oidtable): Use "cv448".
(oid_cv448): Rename from oid_x448.
(openpgp_oidbuf_is_cv448, openpgp_oid_is_cv448): Likewise.
* common/util.h (openpgp_oid_is_cv448): Follow the change.
* g10/ecdh.c (pk_ecdh_generate_ephemeral_key): Likewise.
* g10/keygen.c (gen_ecc, ask_algo): Use "cv448".
(parse_key_parameter_part): Likewise.
* g10/pkglue.c (get_data_from_sexp): Fix for debug output.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-23 10:10:29 +09:00
Werner Koch
eeb599c9e2
gpg: Fix for new SOS changes when used with Libgcrypt < 1.8.6.
* g10/free-packet.c (is_mpi_copy_broken): New.
(my_mpi_copy): Mix gcry_mpi_copy.
--

Note that in this case it is better to do a runtime check.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-09 18:16:44 +02:00
Werner Koch
96f1ed5468
gpg: Extend the TRUST_ status lines.
* g10/pkclist.c (write_trust_status): Add arg mbox.
(check_signatures_trust): Appenmd mbox to the status lines.
--

GnuPG-bug-id: 4735
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-09 11:00:16 +02:00
NIIBE Yutaka
da5e0bc31b gpg: Use bytes for ECDH.
* g10/ecdh.c (extract_secret_x): Use byte * instead of MPI.
(prepare_ecdh_with_shared_point): Use char * instead of MPI.
(pk_ecdh_encrypt_with_shared_point): Likewise.
(pk_ecdh_decrypt): Likewise.
* g10/pkglue.h (pk_ecdh_encrypt_with_shared_point, pk_ecdh_decrypt):
Change declaration.
* g10/pkglue.c (get_data_from_sexp): New.
(pk_encrypt): Use get_data_from_sexp instead of get_mpi_from_sexp.
Follow the change of pk_ecdh_encrypt_with_shared_point.
* g10/pubkey-enc.c (get_it): Follow the change of pk_ecdh_decrypt.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-09 15:45:51 +09:00
NIIBE Yutaka
e9760eb9e7 gpg: Add X448 support.
* common/openpgp-oid.c (oidtable): Add X448.
(oid_x448,openpgp_oidbuf_is_x448,openpgp_oid_is_x448): New.
* common/util.h (openpgp_oid_is_x448): New.
* g10/ecdh.c (gen_k): Add handling of opaque MPI and support
endianness.
(pk_ecdh_generate_ephemeral_key): X448 requires opaque MPI.
* g10/keygen.c (gen_ecc): Add support for X448.
(ask_algo, parse_key_parameter_part): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-09 14:56:50 +09:00
NIIBE Yutaka
f5bc945554 gpg,ecc: Handle external representation as SOS with opaque MPI.
* g10/pkglue.h (sexp_extract_param_sos): New.
* g10/build-packet.c (sos_write): New.
(do_key, do_pubkey_enc, do_signature): Use sos_write for ECC.
* g10/export.c (cleartext_secret_key_to_openpgp): Use
sexp_extract_param_sos.
(transfer_format_to_openpgp): Use opaque MPI for ECC.
* g10/keygen.c (ecckey_from_sexp): Use sexp_extract_param_sos.
* g10/keyid.c (hash_public_key): Handle opaque MPI for SOS.
* g10/parse-packet.c (sos_read): New.
(parse_pubkeyenc,parse_signature,parse_key): Use sos_read for ECC.
* g10/pkglue.c (sexp_extract_param_sos): New.
(pk_verify): Handle opaque MPI for SOS.
(pk_encrypt): Use sexp_extract_param_sos.
* g10/seskey.c (encode_session_key): Use opaque MPI.
* g10/sign.c (do_sign): Use sexp_extract_param_sos.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-09 10:32:47 +09:00
Werner Koch
5c2080f467
gpg: If possible TRUST values now depend on signer's UID or --sender.
* g10/mainproc.c (check_sig_and_print): Add failsafe check for PK.
Pass KEYBLOCK down do check_signatures_trust.  Protect existsing error
ocde in case the signature expired.
* g10/pkclist.c (is_in_sender_list): New.
(check_signatures_trust): Add args keyblock and pk.  Add new uid based
checking code.
* g10/test-stubs.c, g10/gpgv.c: Adjust stubs.
--

GnuPG-bug-id: 4735
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-08 20:13:25 +02:00
Werner Koch
c1c607a51c
doc: Minor code comment fixes.
--
2020-06-08 15:22:58 +02:00
Werner Koch
48251cf9a7
gpg: Improve generation of keys stored on card (brainpool,cv25519).
* g10/keygen.c (ask_key_flags_with_mask): Allow more than ECDH for
legacy curves.
(ask_algo): Tweak mapping of ECC to OpenPGP algos
(parse_key_parameter_part): Ditto.
(generate_subkeypair): Create the subkey with the time stored on the
card.
--

This fixes two problems with generating keys from a card:

1. The key usage is now set correctly for brainpool curves.

2. The add-key and --quick-add-key commands now also take the creation
   time from the time stored on the card.  Without that we would need
   to update the creation time and fingerprint already stored on the
   card which is a no-go if another key has already been created using
   that on-card key.

Note: To create a key on a card without an OpenPGP keyblock use
gpg-card.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-03 16:22:42 +02:00
NIIBE Yutaka
510bda7d37 gpg: Clean up ECDH code path (5).
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Now, it's only for
encrytion.
(pk_ecdh_decrypt): Use prepare_ecdh_with_shared_point and move decrypt
code path in original pk_ecdh_encrypt_with_shared_point here.
* g10/pkglue.h (pk_ecdh_encrypt_with_shared_point): Change API.
* g10/pkglue.c (pk_encrypt): Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-22 11:58:21 +09:00
NIIBE Yutaka
64d93271bf gpg: Clean up ECDH code path (4).
* g10/ecdh.c (prepare_ecdh_with_shared_point): New.
(pk_ecdh_encrypt_with_shared_point): Fixing error paths for closing
the cipher handle, use prepare_ecdh_with_shared_point.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-22 11:44:36 +09:00
NIIBE Yutaka
80c02d13d9 gpg: Clean up ECDH code path (3).
* g10/ecdh.c (derive_kek): New.
(pk_ecdh_encrypt_with_shared_point): Use derive_kek.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-22 11:24:38 +09:00
NIIBE Yutaka
a973d91138 gpg: Clean up ECDH code path (2).
* g10/ecdh.c (build_kdf_params): New.
(pk_ecdh_encrypt_with_shared_point): Use build_kdf_params, and check
things before extract_secret_x.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-22 10:40:47 +09:00
NIIBE Yutaka
960d37644c gpg: Clean up ECDH code path (1).
* g10/ecdh.c (extract_secret_x): New.
(pk_ecdh_encrypt_with_shared_point): Use extract_secret_x.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-22 10:04:35 +09:00
Werner Koch
9bc9d0818b
doc: Typo fixes in code comments
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-04 14:55:34 +02:00
Werner Koch
cec397e002
gpg: Make AEAD modes subject to compliance checks.
* g10/decrypt-data.c (decrypt_data): Move aead algo detection up.
--

Note that the AEAD modes are not yet approved for --compliance=de-vs

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-16 08:52:29 +02:00
Werner Koch
5c47e7825b
indent: Some typo and indentation changes for gpg.
--
2020-04-15 22:23:10 +02:00
Werner Koch
df0edaf91a
gpg: Fix broken setting of AEAD algo.
* g10/main.h (DEFAULT_AEAD_ALGO): Set to OCB.
--

With the old code and using libgcrypt 1.9 would have switched from the
high performance OCB to the ugly EAX mode.  We are free software, we
are OCB.
2020-04-15 22:21:46 +02:00